Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WinNat

Event ID 1017

Message:

%{TransportProtocol} session created. Internal source transport addr: %{InternalSrcAddr}, Internal dest transport addr: %{InternalDstAddr}, External source transport addr %{ExternalSrcAddr}, External dest transport addr %{ExternalDstAddr}

Event Data:

#  Name               In Type     Out Type
1  InternalAddrLen    win:UInt32  xs:unsignedInt
2  InternalSrcAddr    win:Binary  win:SocketAddress
3  InternalDstAddr    win:Binary  win:SocketAddress
4  ExternalAddrLen    win:UInt32  xs:unsignedInt
5  ExternalSrcAddr    win:Binary  win:SocketAddress
6  ExternalDstAddr    win:Binary  win:SocketAddress
7  TransportProtocol  win:UInt32  xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: 6ZDVBDVHEIO7U